UQL - Policy - Ultipa Graph

Change Password

Submit

Change Email

Submit

Change Nickname

Current Nickname:

Submit

Profile

Account ID:

Full Name:
Phone:
Company:
Company Email:
Country:
Language:

Change Password

Apply

You have no license application record.

Apply

Certificate	Issued at	Valid until	Serial No.	File

Serial No.	Valid until	File

Not having one? Apply now! >>>

Product	Created On	ID	Amount (USD)	Invoice

Product	Created On	ID	Amount (USD)	Invoice

No Invoice

Create Ultipa Account

Already have an Ultipa account? Sign in now!

Forgot Password

Reset Password

Back to sign in

Policy

Overview

A policy aggregates multiple privileges and other policies. Effective policy design and usage enable role-based access control.

Showing Policies

To list all policies of the database:

show().policy()

Or retrieves a specific policy, such as the one named manager:

show().policy("manager")

It returns a table _policy with the following fields:

Field	Description
`name`	Policy name.
`graphPrivileges`	Graph privileges included in the policy.
`systemPrivileges`	System privileges included in the policy.
`propertyPrivileges`	Property privileges included in the policy.
`policies`	Other policies included in the policy.

Creating a Policy

The create().policy().params() statement creates a policy for the database.

Syntax

create().policy("<name>").params({
  graph_privileges: {
    "<graph>": ["<graphPriv>", "<graphPriv>", ...],
    ...
  }, 
  system_privileges: ["<systemPriv>", "<systemPriv>", ...], 
  property_privileges: {
    "node": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    },
    "edge": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    }
  },
  policies: ["<policyName>", "<policyName>", ...]
})

Method	Param	Description
`policy()`	`<name>`	The unique name of the policy. Naming conventions: 2 to 64 characters. Begins with a letter. Allowed characters: letters (A-Z, a-z), numbers (0-9) and underscores (`_`).
`params()`	`graph_privileges`	Specifies graph privileges to include in the policy; uses `"*"` to specify all graphsets.
	`system_privileges`	Specifies system privileges to include in the policy.
	`property_privileges`	Specifies `node` and `edge` property privileges to include in the policy; uses `["", "", "*"]` to specify all graphsets, all schemas, or all properties.
	`policies`	Specifies policies to include in the policy.

Examples

To create a policy called superADM, including all graph and system privileges, and write privilege for all properties, it doesn't include any other policies:

create().policy("superADM").params({
  graph_privileges: {"*":["READ","INSERT","UPSERT","UPDATE","DELETE","CREATE_SCHEMA","DROP_SCHEMA","ALTER_SCHEMA","SHOW_SCHEMA","RELOAD_SCHEMA","CREATE_PROPERTY","DROP_PROPERTY","ALTER_PROPERTY","SHOW_PROPERTY","CREATE_FULLTEXT","DROP_FULLTEXT","SHOW_FULLTEXT","CREATE_INDEX","DROP_INDEX","SHOW_INDEX","LTE","UFE","CLEAR_JOB","STOP_JOB","SHOW_JOB","ALGO","CREATE_PROJECT","SHOW_PROJECT","DROP_PROJECT","CREATE_HDC_GRAPH","SHOW_HDC_GRAPH","DROP_HDC_GRAPH","COMPACT_HDC_GRAPH","SHOW_VECTOR_INDEX","CREATE_VECTOR_INDEX","DROP_VECTOR_INDEX","SHOW_CONSTRAINT","CREATE_CONSTRAINT","DROP_CONSTRAINT"]},
  system_privileges: ["TRUNCATE","COMPACT","CREATE_GRAPH","SHOW_GRAPH","DROP_GRAPH","ALTER_GRAPH","TOP","KILL","STAT","SHOW_POLICY","CREATE_POLICY","DROP_POLICY","ALTER_POLICY","SHOW_USER","CREATE_USER","DROP_USER","ALTER_USER","SHOW_PRIVILEGE","SHOW_META","SHOW_SHARD","ADD_SHARD","DELETE_SHARD","REPLACE_SHARD","SHOW_HDC_SERVER","ADD_HDC_SERVER","DELETE_HDC_SERVER","LICENSE_UPDATE","LICENSE_DUMP","GRANT","REVOKE","SHOW_BACKUP","CREATE_BACKUP","SHOW_VECTOR_SERVER","ADD_VECTOR_SERVER","DELETE_VECTOR_SERVER"],
  property_privileges: {
    "node": {"write": [["*", "*", "*"]]},
    "edge": {"write": [["*", "*", "*"]]}
  }
})

To create a policy called Tester that includes:

Graph privileges: UPDATE for all graphsets
System privileges: SHOW_POLICY, ALTER_GRAPH
Property privileges:
- Node properties: read all node properties
- Edge properties:
  - write edge properties value and time in the graphset Tax
  - deny (Do not allow read and write) edge property score of the schema rate in the graphset miniCircle
Policies: manager

create().policy("Tester").params({
  graph_privileges: {"*": ["UPDATE"]}, 
  system_privileges: ["SHOW_POLICY", "ALTER_GRAPH"],
  property_privileges: {
    "node": {
      "read": [
        ["*", "*", "*"]
      ]
    },
    "edge": {
      "write": [
        ["Tax", "*", "value"],
        ["Tax", "*", "time"]
      ],
      "deny": [
        ["miniCircle", "rates", "score"]
      ]
    }
  },
  policies: ["manager"]
})

Altering a Policy

You can alter the privileges and policies included in a policy using the alter().policy().set() statement. Note that only the specified items will be updated; others will remain unchanged.

Syntax

alter().policy("<name>").set({
  graph_privileges: {
    "<graph>": ["<graphPriv>", "<graphPriv>", ...],
    ...
  }, 
  system_privileges: ["<systemPriv>", "<systemPriv>", ...], 
  property_privileges: {
    "node": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    },
    "edge": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    }
  },
  policies: ["<policyName>", "<policyName>", ...]
})

Method	Param	Description
`policy()`	`<name>`	Name of the policy.
`set()`	`graph_privileges`	Specifies new graph privileges to include in the policy; uses `"*"` to specify all graphsets.
	`system_privileges`	Specifies new system privileges to include in the policy.
	`property_privileges`	Specifies new `node` and `edge` property privileges to include in the policy; uses `["", "", "*"]` to specify all graphsets, all schemas, or all properties.
	`policies`	Specifies new policies to include in the policy.

Examples

To modify graph privileges included in the policy sales while keeping privilege types and policies unchanged:

alter().policy("Tester").set({graph_privileges: {"Tax": ["UPDATE"]}})

To modify the graph and property privileges, and policies included in the policy manager while keeping the system privileges unchanged:

alter().policy("manager").set({
  graph_privileges: {"*": ["UPDATE", "DELETE"]},
  property_privileges: {
    "node": {
      "write": [["miniCircle","*","*"]]
    },
    "edge": {
      "write": [["miniCircle","*","*"]]
    }
  },
  policies: ["sales"]
})

Granting to a Policy

You can grant additional privileges and policies to a policy using the grant().policy().params() statement. Note that the existing privileges and policies involved in the policy remain unchanged.

Syntax

grant().policy("<policyName>").params({
  graph_privileges: {
    "<graph>": ["<graphPriv>", "<graphPriv>", ...],
    ...
  }, 
  system_privileges: ["<systemPriv>", "<systemPriv>", ...], 
  property_privileges: {
    "node": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    },
    "edge": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    }
  },
  policies: ["<policyName>", "<policyName>", ...]
})

Method	Param	Description
`policy()`	`<name>`	Name of the policy.
`params()`	`graph_privileges`	Specifies additional graph privileges to grant to the policy; uses `"*"` to specify all graphsets.
	`system_privileges`	Specifies additional system privileges to grant to the policy.
	`property_privileges`	Specifies additional `node` and `edge` property privileges to grant to the policy; uses `["", "", "*"]` to specify all graphsets, all schemas, or all properties.
	`policies`	Specifies additional policies to grant to the policy.

Examples

To grant the graph privileges CREATE_SCHEMA and DROP_SCHEMA of the graphset Tax, and system privilege ADD_HDC_SERVER to the policy manager:

grant().policy("manager").params({
  graph_privileges: {"Tax": ["CREATE_SCHEMA", "DROP_SCHEMA"]}, 
  system_privileges: ["ADD_HDC_SERVER"]
})

Revoking from a Policy

You can revoke specified privileges and policies from a policy using the revoke().policy().params() statement.

Syntax

revoke().policy("<policyName>").params({
  graph_privileges: {
    "<graph>": ["<graphPriv>", "<graphPriv>", ...],
    ...
  }, 
  system_privileges: ["<systemPriv>", "<systemPriv>", ...], 
  property_privileges: {
    "node": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    },
    "edge": {
      "<propertyPriv>": [
        ["<graph>", "<schema>", "<property>"],
        ...
      ],
      ...
    }
  },
  policies: ["<policyName>", "<policyName>", ...]
})

Method	Param	Description
`policy()`	`<name>`	Name of the policy.
`params()`	`graph_privileges`	Specifies graph privileges to revoke from the policy; uses `"*"` to specify all graphsets.
	`system_privileges`	Specifies system privileges to revoke from the policy.
	`property_privileges`	Specifies `node` and `edge` property privileges to revoke from the policy; uses `["", "", "*"]` to specify all graphsets, all schemas, or all properties.
	`policies`	Specifies policies to revoke from the policy.

Examples

To revoke the graph privileges CREATE_SCHEMA and DROP_SCHEMA of the graphset Tax, and system privilege ADD_HDC_SERVER from the policy manager:

revoke().policy("manager").params({
  graph_privileges: {"Tax": ["CREATE_SCHEMA", "DROP_SCHEMA"]}, 
  system_privileges: ["ADD_HDC_SERVER"]
})

Dropping a Policy

You can drop a policy using the drop().policy() statement.

To drop the policy manager:

drop().policy("manager")

ID
Product
Status
Cores
Applied Validity Period(days)
Effective Date
Excpired Date
Mac Address
Apply Comment
Review Comment